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ABSTRACT 

The history of the space industry stretches far and above 
lunar landings to the construction of the International 
Space Station. For years, humans have sought to 
understand the nature of the universe. As society grows 
in knowledge and curiosity of space, the focus of 
maintaining the safety of the crew and vehicle 
habitability is of utmost importance to the National 
Aeronautics and Space Administration (NASA) 
community. Through the years, Payload Safety has 
developed not only as a Panel, but also as part of the 
NASA community, striving to enhance the efficiency 
and understanding of how business should be conducted 
as more International Partners become involved. This is 
the first in a series of papers and presentations in what is 
hoped to be an annual update that provides continuous 
challenges and lessons learned in the areas of 
communication, safety requirements and processes and 
other areas which have been vital to the Payload Safety 
Review Panel (PSRP). 

1. BACKGROUND 

Manned Space Flight has a rich and vibrant history, full 
of great successes interspersed with set backs. Through 
manned space flight, humans have sought to learn much 
about both the universe and the microgravity 
environment of space and its effects upon materials and 
living organisms through experimentation and research. 
The National Aeronautics and Space Administration 
(NASA) established the Payload Safety Review Panel 
(PSRP) as both a panel and a format by which 
experiments, deemed Payloads, are reviewed for Space 
Flight Safety. A great deal of knowledge regarding 
hardware safety and process improvements has been 
gleaned by the PSRP through the various payloads that 
have been assessed for safety and their subsequent 
operation in space. 

The recent additions of the European Space Agency 
(ESA) Columbus Orbiting Laboratory (COL) (launched 
on STS- 1 22/1 E) and the Japan Aerospace Exploration 
Agency (JAXA) Japanese Experiment Module (JEM) or 
KIBO (launched on STS- 1 23/1 J/A) to the International 
Space Station (ISS) mark significant accomplishments 


in Manned Space Flight as the ISS has become a truly 
international endeavor with participation from 
Americans, Russians, Europeans, Japanese, and 
Canadians. The testing of Ares-1 in 2009 and the STS- 
133/ULF5 mission in 2010 will also mark milestones 
with testing the new Constellation vehicle and retiring 
the Space Shuttle vehicle. Changes are inevitable with 
these milestones. In looking to and planning for the 
future, we should build on and learn from the past. 

To that aim, a team of contract Safety and Mission 
Assurance (S&MA) Payload Safety Engineers (PSEs), 
PSE Team and Technical Leads, and a NASA PSRP 
Chairman set out to review key lessons learned in 
Payload Safety and the PSRP and to assess how specific 
and strategic planning will ensure success for future 
endeavors. We focused on three main areas in reviewing 
past experiences and planning for the future: 
communication, safety requirements, and processes. 
This paper highlights concerns within the topic areas, 
provides information and examples, and highlights 
plans for the future of Payload Safety in space 
exploration and experimentation. 

1.1. NASA PSRP 

Multiple safety panels, developed intentionally with 
different specific functions exist within NASA. This 
paper focuses on NASA’s PSRP. 

Chartered by NASA in the 1970s, the PSRP began 
conducting reviews of payload flight hardware or Flight 
Safety Reviews (FSRs) in 1979 in support of the Space 
Shuttle Program (SSP). Today, the PSRP supports both 
the Space Shuttle Program and the ISS Program and 
will be supporting NASA’s newest program, the 
Constellation/Exploration Program, in the future. 

Supporting two Programs results in a very full calendar 
for the PSRP and its technical support personnel. In 
Fiscal Year (delineated as October 1, 2007-September 
30, 2008) 2008 (FY08), the PSRP conducted 

approximately 158 formal (full-panel 
reviews/discussions) FSRs and 281 informal (Outside- 



Of-Board (OOB) or partial panel reviews/discussions 
and Working Groups (WGs)). 

The PSRP is comprised of approximately twelve 
members representing key NASA Directorates 
(divisions) and the Space Shuttle and ISS vehicles, with 
meetings conducted by the Chairperson. Assisting the 
core panel members are numerous technical/discipline- 
based personnel (most of whom are organizationally 
part of NASA’s Engineering Directorate). There is also 
an Executive Officer from the S&MA Directorate that 
seeks to maintain the consistency of the panel and 
interpretation of safety requirements. The PSRP is 
tasked to perform the following functions on the behalf 
of the Space Shuttle Program (SSP) and ISS Program 
Managers [ 1 ] [2] : 

Assist Payload Organizations (POs) in the 
interpretation of safety requirements and provide 
recommendations for implementation and/or 
interpretation, 

Conduct FSRs as appropriate during various phases 
of hardware design/development, 

Evaluate modifications to hardware that either 
affect a safety critical subsystem or create a 
potential hazard to the vehicle or crew, 

Evaluate safety analyses, safety reports, and non- 
compliant conditions, 

Evaluate safety implications associated with on- 

orbit anomalies, and 

Assure the resolution of safety issues. 

2. COMMUNICATION 

Communication, the giving or exchanging of 
information, is the key to success in any endeavor. The 
setting of an FSR, with a multi-member panel, technical 
support personnel, and POs, provides multiple 
opportunities for communication to go awry. Challenges 
arise from the very setting or medium in which the 
interaction takes place, the participants involved in the 
discussion, and the details of the topic discussed that set 
the frame work for a definitive conclusion [3]. 

Within the scope of Payload Safety, the following 
observations have been made regarding past experiences 
and coordination of daily work and ideas for future 
planning. 

2.1. Observations from the Past and Daily Workings 

The way we communicate and the frequency of our 
correspondence can strongly affect how effectively 
business will get done. The goals of Safety are so 
important that it is necessary we stay of one accord 
within our own organization and in our partnerships. 


Working with the PSRP and Support Personnel 

Our unified mission is the assurance that the vehicle (for 
example: Space Shuttle or ISS, etc.) and crew are safe 
from hazards created by payloads and interactions with 
the environments and other hardware/experiments 
operating in the vicinity. Between the PSRP and PSRP 
support personnel there is an established ease in 
communication, developed due to the frequency of 
discussions amongst personnel with common goals. 
Though it may be on an as-needed basis, there is ample 
opportunity to contact the necessary technical experts 
(or subject-matter points of contact) within NASA when 
issues need to be resolved. 

Call for comments, inputs, and technical assessment for 
distributed payload Safety Data Packages (SDPs) can be 
garnered by electronic mail (email) or phone call. 
Electronic correspondence proves to be the most 
reliable in confirming messages have been sent and 
received, and is useful for tracking purposes. The 
present practices of establishing telephone conferences 
(teleconferences or telecons) or face to face Working 
Groups (WGs) helps to resolve technically specific 
issues in a majority of instances and prepare for the 
FSR. In preparing for the FSR, it truly is a team effort 
with the PSRP, its support personnel, and the PO. This 
may include internally interfacing with other NASA 
Safety Panels (i.e. NASA’s Safety Review Panel (SRP) 
which focuses on ISS systems hardware). In a similar 
way, Payload Developers (PDs) and POs must be 
accessible when preparing for scheduled FSRs. 

Within the contractor team of PSEs and administrative 
support, a weekly meeting is held to focus on the latest 
payload issues and forward plans for resolution. This 
open forum allows for PSEs to learn from each other 
and gain insight in how an issue is/was resolved if they 
are in a similar situation and receive feedback from 
other engineers on another resolution. Prior to the 
weekly internal Payload Safety meetings, the engineers 
should have a clear understanding on what the issue is, 
how the issue came about (via violation of a 
requirement, process escape, etc) and a recommendation 
for a resolution. This type of internal coordination 
allows for a more efficient means of communication and 
eliminates multiple discussions on the same issue. 
Utilizing the experience within the group, PSEs also 
benefit from the knowledge acquired by other more 
experienced engineers when they deal with an 
International Partner (IP) for the first time. 

Working with International Partners (IPs) 

In order to effectively review and resolve technical 
concerns within ISS Program, engineers and support 
personnel must take into consideration and prepare for 
potential cultural and language barriers. Working with 



IPs also means taking into consideration differences in 
time zones. NASA and the PSRP have addressed these 
challenges through cultural training classes, interpreters, 
and adjusting meeting times. 

Formats have been created to address technical and 
administrative concerns with IPs on bilateral and 
multilateral bases. A good example of an established 
bilateral format is the Joint American/Russian Safety 
Working Group (JARSWG), intended to provide 
support to the ISS for resolution of S&MA issues and 
facilitate the transfer of information, data and products 

[4] . There are weekly teleconferences held between 
NASA and Russia’s Rocket Space Corporation-Energia 
(RSC-E) and periodic face to face week-long meetings. 
The meetings have proven to be instrumental in 
facilitating concurrence between the two IPs and sets 
the tasks to be accomplished in preparation for flight. 
Many of the discussions open a dialogue which will 
translate into further email and data transmittals. It is 
interesting to note that the agreed-upon format for 
official NASA-to-RSC-E correspondence is the 
facsimile (fax), a technology used to transfer copies of 
documents, using equipment operating over a telephone 
network. A lesson to be learned from this practice is 
that the ISS community has made compromises to align 
with the most convenient communication method/s for 
each IP. Payload Safety and the PSRP performs a 
majority of their work through email, but finds no issue 
in meeting the request of the fax format to get work 
done. The positive results seen through the bilateral 
JARSWG are numerous. 

Another opportunity that has been developed with the 
IPs is the Franchising of NASA’s PSRP. This bilateral 
arrangement has provided an opportunity to further 
develop relationships between NASA and NASA 
Partners, share knowledge of safety with the 
international community, and streamline processing so 
PDs and POs have the option of going through their IP- 
franchised PSRP instead of only through the NASA 
PSRP. With the ESA PSRP Charter signed in July 2002 

[5] , NASA and ESA worked together closely through a 
step-wise development process that took shape over the 
course of five years [5] [6]. The ESA-based PSRP 
franchise was granted autonomy to perform FSRs in 
March 2007. 

In order to maintain consistency and connection 
between the NASA PSRP and ESA franchised PSRP, 
weekly telecons were initiated in June 2008. The 
telecons provide an opportunity to exchange concerns or 
provide unique support from one IP to the other on 
payload-specific issues, generic technical issues, and 
statusing of payload readiness in preparation for various 
flight readiness reviews. The weekly meetings with 
ESA became a key factor in helping to facilitate and 


ensure that NASA and ESA and their technical experts 
came together to address issues and to develop future 
work plans associated with a recent plasma emitting 
payload. As the relations between the two PSRPs 
expand, this forum will continue to allow both panels to 
address urgent and long-range issues in an informal 
manner. 

In addition to bilateral discussions, the PSRP schedules 
a monthly internal meeting with representatives from 
each IP invited to participate. NASA S&MA also has a 
Multilateral S&MA Panel (MSMAP) that addresses 
topics with all the IPs. The MSMAP conducts monthly 
telecons and routine face to face meetings. 

Preparing for Flight and On-Orbit Situations 

Without good information, the chances for resolution in 
our endeavors are significantly disadvantaged. As the 
numbers of payloads flying has increased, Payload 
Safety has been able to expand lines of communication 
and enlisted the help of NASA’s Payloads Office (OZ), 
and ISS Payload Integration Safety. With the help of 
these organizations, PS has been able to stay more 
current on late manifested payloads and can better 
coordinate with the IPs or POs on deliverables. This 
also helps the PSRP and PSEs address the increased 
frequency of emails and phone calls inquiring as to the 
completeness of payload hardware and verification 
closures as the flight preparation timeline drops off. 

For monitoring of activities during flight and on-orbit, 
the Safety Consoles at the various Mission Control 
Centers are the first to know about payloads operational 
activities that take place on ISS. As the number of 
International Modules increase, there is a need for solid 
communication between the IP Consoles to assure that 
operational issues are discussed real-time. There is also 
need to have direct access to the PSRP to resolve real- 
time issues and preserve a safe environment for 
crewmembers on orbit. 

The PSRP and PSEs maintain contact with the ISS 
Safety Console and track payload activities through 
daily reports sent out from the Payloads Operations 
Integration Center (POIC) at NASA’s Marshall Space 
Flight Center (MSFC). The daily reports or record of 
daily activity is an update each day of an agenda of 
operations to be conducted aboard the ISS for the week. 
The ESA Safety Console also provides a report that 
identifies the tasks taking place within the COL. Our 
goal is to be more aware of these items from both POIC 
and ESA. It is anticipated that a similar deliverable will 
be provided by our JAXA counterparts in the future. 



2.2. Future Planning 

As Payload Safety moves into the next phase of 
business, the expectations for communication will 
stabilize internally and increase internationally. With 
the retirement of the Shuttle, the next generation of 
payloads will travel primarily onboard the Russian 
vehicles, Soyuz and Progress, as well as ESA’s 
Automated Transfer Vehicle (ATV), JAXA’s H-II 
Transfer Vehicle (HTV), and perhaps some commercial 
carriers. Samples collected will need to return, and 
items with expiring certification will need to be 
returned, extended, or discarded. These considerations 
will significantly challenge and no doubt increase the 
work performed by Payload Safety participants. 

As new safety requirements are derived within Payload 
Safety for the next generation of NASA Crew 
Exploration Vehicles, the need for the PSRP support to 
learn from one another is one of the keys to successful 
safety assessments. Thus, we have an ever increasing 
obligation to stay connected. The rising utilization of 
Blackberry® phones, Personal Data Assistants (PDAs), 
and laptops keep us connected even outside of our 
offices, and keeps priorities in order. One 

recommendation regarding the availability of data 
would be for each IP to establish data exchange servers 
to hold larger files, with passwords to allow access to 
persons who need to download the information. This 
will provide critical access that can’t always be readily 
captured by telephone, fax, or email. 

As the ESA Franchise continues its autonomous 
operations it will be pulling away from NASA tutelage. 
The PSRP hopes to extend a franchise to JAXA and will 
require the same sensitivity in establishing the needed 
foundation and technical support. These efforts require 
increased demands on communication, with sensitivity 
to cultural differences. Counterparts on both sides will 
be given an opportunity to focus on instituting 
Memorandums of Agreement (MO As) across technical 
disciplines. These will require the technical experts to 
develop a working rapport and commonality of 
technical approach to assure payloads receive similar 
treatment from one franchise to the next. The goal of 
the PSRP Franchise-to-Franchise interchangeability will 
easily wither without frequent communications. 
Whereas ESA will see their biggest interactions through 
familiarity meetings and annual audits, JAXA will 
receive more attention focused on franchise 
establishment, and MOA development. It is vitally 
important that the entire Payload Safety community 
maintains close and frequent communications in order 
to avoid evolving into widely divergent (and possibly 
conflicting) processes from one country to the next. 


3. SAFETY REQUIREMENTS 

NASA and Programs within NASA have established 
Requirements intended to minimize risk and eliminate 
the probability of a hazardous condition occurring. The 
SSP and ISS Program Safety Policy is to maintain 
assurance of a safe operation while minimizing Program 
involvement in the design process of the payload [7]. 
Implementation of the Payload Safety Process is a joint 
responsibility between the PO, PSRP, and vehicle 
owner. The PO is responsible to assure the safety of its 
payload and implement the requirements; the PSRP and 
vehicle owner are responsible to review submitted 
payload SDPs and assess experiment design, transport 
and operation [2] [7]. 

The Safety Requirements utilized by the PSRP and 
referenced within this paper are listed here; however, 
there are numerous additional requirements referenced 
within these documents that are also relevant and 
applied to payloads. 

NSTS/ISS 13830 (Revision C) Payload Safety 
Review and Data Submittal Requirements for 
Payloads Using the Space Shuttle and International 
Space Station (current change number) [2], 

NSTS 1700.7B Safety Policy and Requirements For 
Payloads Using the Space Transportation 
System{ current change number) [7], and 
NSTS 1700.7B ISS Addendum Safety Policy and 
Requirements For Payloads Using the International 
Space Station (current change number) [8]. 

3.1. Observations from the Past and Daily Workings 

The initial authors of the Payload Safety Requirements 
wanted to craft a set of requirements that would be 
applicable to all items from the most complex 
deployable satellite to the simplest passive bag of 
tomato seeds. The requirements are, therefore, broad in 
scope and provide little detail. 

To have gone to great specificity would have required a 
soothsaying ability that is impossible. It would also 
have resulted in a requirements document that rivaled 
the Pay load-to- Shuttle Interface Control Document 
(ICD) (a detailed document well over 1000 pages) and 
would have been a burdensome duplication of effort for 
the payload developers that would have quashed most of 
the basic or low budget experimenters/payloads that are 
conducted on Shuttle and ISS. 

Interpreting Requirements 

A logical consequence of establishing an intentionally 
imprecise set of requirements was that the most efficient 
path to follow in order to demonstrate compliance was 
not obvious in many cases. To remedy this, the PSRP 
began the practice of documenting acceptance rationale 



and applications for safety requirements in requirements 
interpretation letters. These letters, signed by either the 
technical experts or program management, infuse a 
certain amount of engineering judgment to prevent a 
“one-size fits all” review standard and are collected in 
NSTS/ISS 18798 Revision B Interpretations of 
NSTS/ISS Payload Safety Requirements [9]. 

The interpretation letters are called upon by POs to 
determine how best to apply requirements and to verify 
appropriate controls to hazards and are, consequently, 
documented in the applicable requirements section of a 
hazard report. The letters are also considered by the 
PSRP and all reviewers of the payload’s hazard 
analysis, especially the technical experts. In many ways, 
the interpretations letters serve as reminders and capture 
the essential knowledge behind the requirements similar 
to the rationale statements provided in flight rules. 
Subjects addressed within interpretation letters include 
the following [9]: 

Protection of Payload Electrical Power Circuits, 
On-Orbit Bonding and Grounding, 

Crew Mating/Demating of Powered Connectors, 

Mechanical Systems Safety, and 

Safety Policy for Detecting Payload Design Errors. 

Maintaining Requirements 

As the Space Shuttle and ISS Programs have grown, the 
knowledge of vehicles and the microgravity 
environment have also grown. In order to maintain 
alignment of safety requirements with current 
knowledge, document-specific Change Requests (CRs) 
have been developed. 

Over the years, the PSRP and its technical support 
personnel have initiated, developed, and processed CRs 
to the three documents noted in Section 3.0 of this paper 
for the following reasons: 

The current requirement is out-dated due to 
advances in engineering standards, 

A new or previously un-known hazard is 
discovered, and 

Changes in the Space Shuttle or ISS Programs 
dictate changes that should be made to the 
requirements (Program directive). 

Before obtaining approval of the requested change, the 
change and supporting rationale are presented to 
multiple Program panels and boards, allowing for input 
from NASA Programs and, when applicable, the IPs. 
While the collective time required to process a CR can 
be large, maintaining the requirements tends to 
outweigh the time factor. 


3.2. Future Planning 

In looking forward to the post-Shuttle era, there are 
many changes that NASA needs to implement in the 
Safety Requirements. The PSRP -utilized requirements 
will reach further than originally drafted. With the 
development of IP-based PSRP Franchises, new 
vehicles and sustaining ISS, Payload Safety looks to 
share our requirements across Programs and agencies. 
Our vision is that we ultimately ensure continuity of 
Payload Safety Requirements in the post-shuttle era. 
Envisioning “Vision 1700” 

With the retirement of the Space Shuttle in 2010, 
Shuttle specific requirements will become obsolete. 
This poses a problem for the PSRP requirements as the 
NSTS 1700.7B and NSTS 1700.7B ISS Addendum are 
currently laid out. The current structure of these 
requirements documents are such that the ISS 
Addendum references back to the NSTS 1700.7B parent 
document [7]. The PSRP’s plan to address the ISS 
Safety Requirements has been deemed “Vision 1700” 
The proposed plan would merge the NSTS 1700.7B and 
ISS Addendum [8] into one document, with the 
proposed document designation of SSP 51700.7, for ISS 
payloads only [10]. Pointers to Shuttle specific 
requirements will be removed and launch vehicle safety 
requirements will only be mentioned as reference 
points. The launch vehicle owners (NASA’s Space 
Shuttle, ESA’s ATV, JAXA’s HTV, and Russia’s Soyuz 
and Progress) would continue maintaining their own 
launch vehicle safety requirements. 

The perceived benefits of this plan include eliminating 
the need to refer to safety requirements embedded in 
Shuttle documents when launching on other vehicles. 
This will create a roadmap with pointers to payload 
safety requirements across mission phases (launch, on- 
orbit operations, and return). 

The first steps involve the restructuring of the ISS safety 
requirements document, NSTS 1700.7B ISS Addendum, 
to allow a direct integration of Shuttle safety 
requirements and ISS safety requirements. Then, 
comments will be solicited from the PSRP community 
to be incorporated into a CR. The CR will include all 
previous changes made to NSTS 1700.7B and remove 
the Shuttle-based requirements that apply to the 
payload’s transport phase. The CR will then be 
distributed to the Multi-lateral community for a unified 
position on the direction of the document. 

Integrating all IP requirements and generating a truly 
international document will allow all parties to remain 
cognizant in ensuring the safety of the ISS program. 



4. PROCESSES 

Payload Safety Processes, the particular method of 
reviewing payloads for flight, generally involves a 
number of steps or operations. The PSRP operates 
under the general premise of receiving payload SDPs 
and reviewing payload SDPs; however, within this 
foundation there are many specific and detailed 
processes that can become applicable to the Payload 
Safety Process. 

To address Payload Safety Processes within this paper, 
past and daily workings are combined with future 
thoughts under each Process identified here. 

4.1. Process timelines for SDPs in support of an FSR 

In NSTS/ISS 13830 Paragraph 4.3.1 Data Submittals 
[2], the requirement is as follows: 

“Safety review meetings are scheduled to be 
held approximately 45 calendar days after 
receipt of an acceptable SDP (i.e., an SDP that 
satisfies all the requirements in this 
document).” 

Payloads and experiments require months if not years of 
planning, design, manufacturing, testing, and 
preparation for launch. Though 45 days seems like a 
long time for a review of a data package, the sheer 
quantity of work that flows through the PSRP for each 
payload requires that we have a set time to conduct a 
thorough review to assure that the safety of the manned 
space program is maintained. 

The following provides an insight into the activity that 
goes on with the PSRP to provide insight about the 45 
days. 

Upon receipt of the SDP, three days for 
administrative review is conducted to check the 
level of completeness of the package per submittal 
requirements, 

Dependent on the schedule this administrative 
review is followed by four weeks for technical 
review (28 days). This includes distribution of the 
package to technical support and comments from 
that support to be submitted at deadline to the 
associated PSE, and 

A two week (14 days) period follows the comment 
deadline in which the comments are worked with 
the Payload Organization for clarification (3+28+14 
- 45 days). 

The last two weeks can be very important. After the 
comments are provided by the technical reviewers, the 
PSE compiles the comments and provides them to the 
PO. This allows the PO to assess the types of questions 
that can be expected at the review. It is very desirable 
that the PO provide a response to the comments and 
communicate with the PSE to determine if a WG is 


required to better understand and/or explain specific 
areas of concern in preparation for the FSR. This 
alleviates extensive and repetitive discussions during the 
FSR and allows for a more efficient review. If updates 
are made to the SDP at any point from submittal of the 
SDP, the PO should document these changes and make 
that information available to the PSRP prior to the FSR. 

4.2. Panel Workload and Scheduling of Reviews 

The PSRP reviewed 449 SDPs in FY08 which equates 
to 8.6 SDPs per week. The same personnel that provide 
comments routinely sit in on the formal FSRs to discuss 
comments and guide the PSRP and POs to consensus on 
safety for their given areas of expertise. In FY08, the 
PSRP held 158 Formal FSRs, which equates to three 
FSRs per week. Not all reviews take the entire day, but 
by the same measure, some are multiple day reviews. 
Scheduling of reviews can seem somewhat capricious to 
PDs, since the first payload package in for a review is 
not necessarily the first one reviewed. The PSRP 
assigns priority based on manifested flight, hardware 
shipping status, complexity of payload, and other 
considerations dictated by Programs the PSRP supports. 
With POs continually submitting data outside of the 45 
day requirement and requesting an expedited review to 
meet launch or shipping schedules, the PSRP schedule 
becomes overloaded and the Panel runs the risk of 
becoming less effective. A short turn-around for a 
package increases the safety risk in that there is 
inadequate time to review all the necessary hazards. 
Payload Safety has taken the initiative to coordinate 
with POs for data submittals once a Change Evaluation 
Form (CEF) is submitted to the Manifest Working 
Group. Ideally, this should allow for an SDP submittal 
closer to the 45 day requirement and a more adequate 
review by the PSRP. 

4.3. Readiness Reviews 

The general business of space flight requires 
communication and attention to status by the NASA 
Space Shuttle and ISS Program Offices as well as those 
of our IPs that are supporting ISS by the launch of their 
vehicles. Flight support meetings include the Safety 
and Mission Success Reviews (SMSRs), Stage 
Operation Readiness Reviews (SORRs), Safety and 
Mission Assurance Panels (SMAPs) and Program 
Requirements Control Boards (PRCBs), to name the 
most common program meetings. These are required for 
providing status and readiness information to the 
Program and IP management who have a vested interest 
in the sustained support of the ISS. Preparation and 
support of these meetings require hundreds of man 
hours per flight by the PSRP to assure that safety 
information is provided to support each payload that is 
launched or returned. The main thrust of the Flight 
Support Meetings is providing the Certificate of Flight 



Readiness (CoFR) status. The CoFR process requires 
constant attention and weekly updates for the last 90 
days prior to launch. ESA PSRP is responsible for 
providing input to the PSRP CoFR for ESA PSRP- 
reviewed payloads. All IPs provide their CoFR 
endorsements for their respective segments to the ISS 
Program Manager. 

4.4. Payload Anomaly Reporting and Documentation 

Regardless of how well hardware is designed and the 
operations plan is prepared, anomalies may occur. 
Despite the cause of an anomaly, scientists and 
engineers have a duty to record the deviation and 
determine any planning or design change that would 
have kept this from occurring. Documenting anomalies 
becomes a historical database that serves many 
purposes, including determination of systemic causes, 
recurrent failures, need for improved materials and/or 
processes, etc. A properly written Anomaly Report 
(AR) could identify technical design issues, improper 
assembly, packaging, handling, transportation and 
stowage issues or even break down in communication 
between testing and design. The purpose of this section 
is to identify the basic information that should be 
included in an AR to address safety concerns. 

A Payload Anomaly Report (PAR) should contain: 

Definition of the anomaly - to include when and 
where it occurred, what was going on when the 
anomaly occurred {shipping, testing, 
manufacturing/assembly (define), storage, 
installation (where), launch, translation or on-orbit 
operations (again define)}, and what was affected 
(engineering hardware, flight hardware, test fixtures 
launch vehicle, ISS). It is also useful to note if 
personnel were injured and include pictures of the 
affected articles if at all possible. 

Investigation of the anomaly - This is where the PO 
should establish the root cause and implement a 
corrective action plan. Assessment of previous 
PARs could reveal similarities to other failures that 
have occurred and suggest a reassessment of the 
effectiveness of previous corrective actions. If this 
is a unique failure cause, document it accordingly. 
Effects of the anomaly - The PO should address 
whether the damage and subsequent rework/repair 
affects any safety controls or render them invalid. 
If any controls are invalidated, the method to revert 
to a safe state should be detailed. 

Once the PAR has been completed, it should remain 
with the Hardware Design Documentation/Data 
Package and be discussed at the next FSR with the 
PSRP. If the anomaly occurs after the Phase III FSR, 
either an Anomaly Technical Interchange Meeting 
(TIM) or Delta FSR may be required based on resultant 
design changes and/or effects on the applicable Hazard 


Reports and verifications. The minutes from that 
meeting will be used to document the acceptability of 
the report as it pertains to safety impacts (if any). 

As individuals intricately involved in the safety process, 
the PSRP has an obligation to assure that anomalies are 
sufficiently documented and worked to assure that 
Space Safety is not compromised. 

4.5. Non-Compliance Reports (NCRs) and Accepted 
Risk Hazard Reports (ARHRs) 

The journey to and from Low Earth Orbit and the 
operations, by definition, are hazardous. The Payload 
Safety requirements of NSTS 1700.7B were written to 
require two fault tolerance against any catastrophic (loss 
of life/vehicle) hazard [7] [8]. Where two fault tolerance 
is not practical (e.g. pressure vessels, structures, etc.), 
certain “Design for Minimum Risk” factors (materials, 
construction techniques, etc.) may be employed. Alas, 
in some cases, compliance with these stringent 
requirements can not be achieved. In such cases, 
NSTS/ISS 13830 has detailed several processes to bring 
the risks associated with such noncompliances in front 
of Program management for acceptance. The original 
process developed by the Space Shuttle Program at its 
outset and used by the ISS Program is the NCR Process. 
The NCR Process was utilized by the Space Shuttle 
Program from the beginning through the STS- 107 time 
period. With the Columbia accident, the process was 
discontinued for the Space Shuttle Program with the 
same type of information presented to the Program 
management in the Accepted Risk Hazard Report 
(ARHR) format. In either case, the risk associated with 
non-compliance with the Safety Requirements is 
documented. The change of acceptable documentation 
formats resulted in a great deal of confusion on the part 
of POs. This confusion can be avoided by the vigorous 
employment of process navigators such as Payload 
Integration Managers (PIMs). The lack of such 
expertise within the Payload Organization may result in 
numerous false starts on the way to getting approval for 
flight. 

The PSRP currently supports two Programs which 
complicate the process when judging the hazard self- 
assessments performed by the POs, as there are two 
processes to follow to get NCR approval. Non- 
compliances that affect both Programs are obligated to 
proceed through both processes. It should be noted that 
the Constellation Program is not yet requiring active 
support from the PSRP, but NSTS 1700.7B and 
NSTS/ISS 13830 are found in their requirements 
documents, too. 

Space Shuttle ARHR Process : The Shuttle ARHR 

Process involves stops at many pre-boards on the way to 
the Program Requirements Control Board (PRCB). 



First, naturally, the ARHR is coordinated with the 
PSRP. After concurrence is reached at the PSRP, the 
ARHR is next brought to the Shuttle Program’s SMAP. 
At this point, the ARHR may be brought before a 
special board such as the Extra Vehicular Activity 
(EVA) Analysis and Integration Team (AIT) if 
appropriate. This is followed by review and 
concurrence at the Flight Operations and Integration 
Control Board (FOICB). If the ARHR is related to an 
ISS mission, the subsequent review authority is the Joint 
Mission Integration Control Board (JMICB). Following 
concurrence there, the ARHR is brought by the PO to 
the PRCB. 

ISS NCR Process : ISS NCRs follow a similar array of 
meetings. First, the PO brings the NCR to the PSRP. 
Then the ISS SMAP must concur on the NCR. Then, 
unless concurrence is necessary from the EVA AIT or 
the JMICB, the PO may proceed to the Space Station 
Program Control Board (SSPCB). 

5. CONCLUSION 

Payload Safety’s focus remains on securing the manned 
flight initiatives that were the basis of the PSRP Charter. 
There are areas that need continuous attention to assure 
that our experimental facilities maintain a central theme 
of safety first, last and always. The road thus far has 
been a learning experience filled with evolving ideas, 
and the future suggests a continuation of the same with 
a more rigorous use of time, people, and money. The 
building blocks for continued safe payload operations 
physically exist aboard the ISS and it is up to Payload 
Safety to balance the challenges of streamlining 
requirements and processes. Communication, 
documentation, and procedural development need to be 
carefully watched and continually nurtured as we move 
into the increasingly diverse areas of international 
cooperation in space exploration. Each of our future 
space exploration goals starts today, and how we view 
safety will either result in demands to cease as a result 
of our failures or will keep the public viewing space 
exploration as exhilarating due to our success. 
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Purpose of Paper 

• Provide a Lessons Learned from a Payload 
Safety Perspective 

• Discuss the Objectives for Payload Safety in the 
Next Era of Flight Safety 

• Promote Effective Communication 

• Discuss Future of Payload Safety Requirements 

• Encourage the Development of a More 
Streamlined and Efficient Safety Process 
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Payload Safety Background 

• Chartered by NASA in the 1970s, the Payload Safety Review Panel (PSRP) 
began conducting reviews of payload flight hardware or Flight Safety Reviews 
(FSRs) in 1979 in support of the Space Shuttle Program 

• Comprised of approximately twelve members representing key NASA 
Directorates (divisions) and the Space Shuttle and ISS vehicles 

- Interpretation of safety requirements and provide recommendations for 
implementation and/or interpretation 

- Evaluate modifications to hardware that either affect a safety critical 
subsystem or create a potential hazard to the vehicle or crew 

- Evaluate safety analyses, safety reports, and non-compliant conditions 

- Assure the resolution of safety issues 

• Supports both the Space Shuttle Program and the ISS Program and will be 
supporting NASA’s newest program the Constellation/Exploration Program in 
the future 
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Communication 



• Baseball 

- Coach giving signals, 

- 1 st Base Coach speaking 
directly 

- Conference at the mound 

• Key Communication 

- Internal PSRP 

• Monthly Internal PSRP Review 
(IPR) 

• Scheduling 

• Resolution of Technical Concerns 

- Internal NASA 

• Requirement Consistency (Change 
Requests) 

- External (Payload 
Organizations and International 
Partner) 

• Flight Safety Review Preparation 

• JARSWG 

• ESA Franchise 
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Communication 


BR&AK 



• Cultural Differences 

• Time Zones 

• Language Barriers 

• Differences in 
Interpretation 

• Frequency and Format 



Suddenly, a heated exchange took place 
between the King and the moat contractor. 




Safety Requirements 



Intentionally Ambiguous 

Safety Requirements 

- Interpretation Letters to provide 
technical detail and assistance 
on deciphering requirements 

Change Requests 

- To stay up-to-date with current 
technologies and knowledge 
base 
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Safety Requirements 




The “Vision” 



- Merge the NSTS 1700.7B and ISS Addendum into one document 
(Vision 1700) 


Forward work 

- Comments will be solicited from the PSRP into a Change Request (CR) 

- Distribute to the Multi-lateral community for a unified position on the 


direction of the document 
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Processes 


• Data Submittal 

- NSTS/ISS 13830 requires that Safety review meetings are scheduled to 
be held approximately 45 calendar days after receipt of an acceptable 
Safety Data Package (SDP) 


• Forward work 

- Encourage POs to adhere to the submittal requirements in an effort to 
provide a thorough safety review 

- Assign priority based on manifested flight, hardware shipping status, 





Processes 




Payload Anomaly 
Reports (PARs) 

- Return Hardware to a Safe 
Configuration 

- Assessment of the Anomaly 

- Investigation of Root Cause 

- Effects and Safety 
Implications 


Forward Work 

- Proper documentation by 
PO into a PAR 

- Review PAR with PSRP 
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Processes 



• Non-Compliances and Risk 

- Alleviate confusion in navigation through the Non-Compliance Reports 
(NCRs) and Accepted Risk Hazard Reports (ARHRs) processes 


• Forward work 

- Assistance of process navigators such as Payload Integration Managers 
(PIMs) is essential 

- Develop a clear understanding of which process steps will be utilized 
(Space Shuttle ARHR Process, ISS NCR Process) to achieve closure 




Summary/Recommendation 



Each of our future space exploration goals starts today, 
and how we view safety will either result in demands to 
cease as a result of our failures or will keep the public 
viewing space exploration as exhilarating due to our 
success. 
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